NSA Has Used Covert Operatives in Foreign Companies to Advance Surveillance Capabilities

Mention the National Security Agency (NSA) and visions of mathematicians and computer scientists working in windowless offices somewhere spring to mind. But according to documents leaked by Edward Snowden, a former contractor who obtained classified information about U.S. domestic spy operations, the NSA also employs agents who work in foreign companies and physically compromise devices and computer networks.

The materials, published by The Intercept, show that the NSA has agents working in China, Germany and South Korea to accomplish this mission. So-called TAREX (target exploitation) personnel are also stationed at NSA centers in Hawaii, Texas and Georgia as well as at U.S. embassies.

“It’s something that many people have been wondering about for a long time,” Chris Soghoian, principal technologist for the American Civil Liberties Union, told The Intercept. “I’ve had conversations with executives at tech companies about this precise thing. How do you know the NSA is not sending people into your data centers?”

The overall name of the project is Sentry Eagle. Under that label, there are six programs:

The Sentry Eagle papers reference agents infiltrating undercover into private companies. It’s unclear whether these are foreign or American companies.

Matthew Prince, chief executive of server company CloudFlare, told The Intercept that he doesn’t think the agency is infiltrating U.S. companies because of political and legal issues. “I would be surprised if that were the case within any U.S. organization without at least a senior executive like the CEO knowing it was happening,” he said, but added that as far as penetrating foreign firms goes, “I would be more surprised if they didn’t.”

All the materials made public were referred to as “very highly classified,” and were supposed to be shared with a limited number of people and then only with the approval of a high-level intelligence official such as the head of the NSA.

Snowden’s leak wasn’t the only clue that the NSA was engaged in such operations. In December 2013, documents obtained by the German news magazine Der Spiegel indicated that the NSA had an office of Tailored Access Operations that performed tasks such as intercepting computer equipment on its way to a targeted organization, installing hardware or software to allow the agency to access the device, and sending it on its way.